Bug#731463: Bug#718434: ca-certificates: should CAcert.org be included?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Dec 7 00:21:52 UTC 2013


On 12/06/2013 07:13 PM, Michael Shuler wrote:
> #2 - All CAs included in ca-certificates are available to have the trust
> turned off.  If you have a concern about a particular CA and do not
> trust them, disable that CA.

can we ship CAs marked as "disabled" by default?  my impression is that
every CA shipped in ca-certificates right now is enabled automatically
unless the user has debconf's priority set to be more verbose than the
default.

> I'll keep thinking about it.  If the Debian NSS maintainer has a strong
> opinion to remove CAcert's roots, then the same will happen in
> ca-certificates, in order to maintain the same CA set.

The other way to maintain the same CA set is for Someone™ to fix #704180.

	--dkg
